We are also trying to use LDAP for user authentication and message authorization. A co-worker of mine found a mismatch between the code and documentation [1].
After assorted code and configuration tweaks, he has arrived at what seems like a reasonable set of changes and also has a way to authorize messages by queue/topic provided they are predefined. I am aware that JMS does not allow wild-carded destinations (though ActiveMQ does), and we are looking for a way to make use of that in our authorization. We are considering creating a new AuthorizationMap that would reuse much of LDAPAuthorization, but it seems to me that there is likely a solution which we are just not finding. Any help out there?

thanks,
bob

[1] For example, on http://activemq.apache.org/security.html in the section "LDAP Authentication Using the JAAS Plugin", the configuration parameter topicSearchMatching must have been updated to topicSearchMatchingFormat, which is a MessageFormat in ActiveMQ 5.3.2.

lhays wrote:
>
> I am trying to prototype the use of ActiveMQ and openLDAP, and I am new to
> both applications.
> I see there are issues with the LDAPAuthorizationMap, (AMQ-826).
> I have successfully connected and sent messages/topics through a message
> broker using simpleAuthentication and authorizationEntries, (FUSE
> 5.3.0.5).
> I tried two different authentication/authorization configurations with
> LDAP:
> - authentication/authorization with LDAP
> - authentication with LDAP and authorization with the activemq.xml
> I receive an error on start up when using an LDAPAuthorizationMap, (No
> property "topicSearchFormat" found).
> I receive authorization errors for Advisory Connection topics when I try
> to authorize with the activemq.xml.
>
> I have 2 questions:
> 1. Is there another way to retrieve topic authorization from an LDAP
> source?
> 2. What configuration allows you to authenticate using JAAS/LDAP but
> authorize using the activemq.xml settings?
>
> Thanks,
> Lawrence
>
> lhay...@gmail.com
>
> ngcutura wrote:
>>
>> There is an issue associated with this (AMQ-826). Conversation has moved
>> there.
>>
>> First version is already included in AMQ (SVN and daily snapshots). I
>> have new version that is complete but I need to finish unit tests before
>> I send the patch.
>>
>> Regards,
>> NGC
>>
>> Sagi Mann wrote:
>>>
>>> Hi, is there any news on this? Could you provide the link to your
>>> thread in the dev forum?
>>>

--
View this message in context: http://old.nabble.com/LDAP-Authorization-tp4861283p29493119.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.